User unable to login to application without membership in a specific group when SSO is enabled
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
When SSO is enabled, newly created users are unable to log in to the application without membership in a specific group.
For example, Confluence and JIRA are connected to Crowd as the user directory, with SSO. In this situation:
A new User A is created in Crowd
User A is assigned membership in the confluence-users group in Crowd
Authentication tests for the user in the Confluence application in Crowd are successful
Synchronizing the Crowd user directory to Confluence is successful
User is unable to log in to Confluence with the following error:
Users are able to log in to the application once they are provided membership in the jira-users group.
Cause
The information in the crowd.properties configuration file inside the affected application is incorrect. In this example, the issue is caused by the crowd.properties file in Confluence, which uses the application information and credentials that connect to the JIRA application. Therefore, when SSO is enabled, Confluence will attempt to connect to the JIRA application during authentication. If the user is not a member of the group that has the use permission in JIRA (here, jira-users), they will not be able to log in to Confluence.
Resolution
Modify crowd.properties and ensure that the information matches the application information as configured in Crowd. See this documentation for information on how to configure SSO.
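The following check is an added example, not part of the original article or of Atlassian's tooling. It reads each application's crowd.properties and reports an application.name that differs from the name registered in Crowd or that is shared by two applications, which is the misconfiguration described under Cause. The application labels, expected names and file contents are constructed sample values.

```python
import re

def parse_properties(text):
    """Minimal .properties reader: key=value or key:value, # and ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit(expected, files):
    """expected: label -> application name as registered in Crowd (assumed input).
    files: label -> contents of that application's crowd.properties.
    Returns a list of human-readable findings; empty means consistent."""
    findings, seen = [], {}
    for app, text in files.items():
        name = parse_properties(text).get("application.name")
        if name is None:
            findings.append(f"{app}: application.name missing")
            continue
        if name != expected[app]:
            findings.append(
                f"{app}: application.name is '{name}', Crowd has '{expected[app]}'")
        if name in seen:
            # Two applications authenticating to Crowd under one identity
            findings.append(
                f"{app}: shares application.name '{name}' with {seen[name]}")
        else:
            seen[name] = app
    return findings

# Constructed sample: Confluence's file was copied from JIRA and never edited.
EXPECTED = {"jira": "jira", "confluence": "confluence"}
FILES = {
    "jira": "application.name = jira\napplication.password = PLACEHOLDER\n",
    "confluence": "# copied from JIRA\napplication.name = jira\n"
                  "application.password = PLACEHOLDER\n",
}

if __name__ == "__main__":
    for finding in audit(EXPECTED, FILES):
        print(finding)
```

The application password cannot be compared this way; after correcting application.name, set application.password to the value configured for that application in Crowd.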